As a conference attendee representing security vendors throughout the years, I spend most of my time in meetings with customers, prospects, analysts, partners, on booth duty, and attending evening parties, with only the periodic consumption and delivery of actual RSA sessions. But every now and again, I break out and experience the “real” RSA Conference. This year, among the 600 cybersecurity vendors at RSA Conference 2020, I noticed some common cloud security themes. As part of providing thought leadership, I’d like to share these themes as we see them here at Sonrai Security.
Zero Trust is more than a buzzword
Many of the keynote speakers and thought leaders, including Gigamon CEO Paul Hooper, covered the world of zero trust. In this new paradigm, identities are the new perimeter, as businesses continue to deploy infrastructure and applications that are more tightly coupled and lack traditional demarcation points, like firewalls.
Back in the old days, when we housed our applications in private data centers, we could rely on the network perimeter to provide a layer of security. Unfortunately, much of this has evaporated with the move to public cloud providers. Many recent data breaches have occurred because of misconfigurations and assignment of roles that are too broad in the permissions they allow, oftentimes unknown even to the most sophisticated and well-staffed organizations.
The Zero Trust model is a principle synonymous with cloud security. In a zero-trust architecture, all entities are considered untrustworthy and must authenticate themselves before being granted access to resources. Best practices dictate the application of the Principle of Least Privilege. Least privilege means that an organization grants an entity the least possible combination of permissions required to accomplish its tasks.
At the center of a zero trust security framework is the Identity and Access Management (IAM) system. IAM systems use a variety of methods to establish the identity of a resource and then use roles to assign permissions. Implementing, maintaining, and monitoring IAM to ensure that the security principles of least privilege are applied while maintaining granular access to resources is central to the security of your cloud infrastructure.
Security integration is necessary
Traditional security companies, like those that focus on OS and virtualization, often claim they can deliver all the security on their own, but we’ve seen time and time again that this isn’t always the case. In turn, public cloud providers have done a better job at building security into their infrastructure while partnering with security vendors. While this is a great improvement, it does not ensure that your organization is fully protected. Given the nature of existing environments, security can’t be an afterthought or bolted on the way companies have done it in the past. Keeping up with an adversary is a constant arms race, and a manufacturer whose primary mission is to develop an OS or virtualization isn’t likely to make the investments necessary to successfully keep up with vendors like AWS, Microsoft, and Google, where security is critical to their business model.
For example, AWS Security Hub gives a range of powerful security tools, from firewalls and endpoint protection to vulnerability and compliance scanners, and aggregates, organizes, and prioritizes security alerts and findings from multiple AWS services. AWS also integrates continuously with cloud security providers, including organizations like Sonrai Security.
Another example is Microsoft Azure Security Center with built-in controls and services across data, networking apps, and more. Azure provides unified security management and advanced threat protection across cloud workloads.
As more and more companies seem to be utilizing public cloud services, I would recommend that, as a business principle, organizations make the appropriate investments in reducing their attack surface and limiting the blast radius should an incident occur. The key to achieving this is improving IAM hygiene and compliance, coupled with immediate detection of misconfigurations, anomalous behavior, and out-of-policy activity.
Cloud Security is cloudy among vendors
Out of the 600 cybersecurity vendors at RSA Conference 2020, most use the same terminology around “cloud security” even though we are often not talking about the same thing. Holistically, the industry is still working its way towards a generally accepted definition of what securing the cloud means. To me, cloud security should focus on protecting access to where the crown jewels of an organization, like your data and intellectual property, can be found. Organizations care about ensuring that their data is protected as their valuable assets move up to Amazon Web Services, Microsoft Azure, or Google Cloud.
Cloud service providers, like Amazon Web Services, Microsoft Azure, and Google Cloud, with their deep security budgets and rosters of tech talent, do an excellent job of securing their side of the Shared Responsibility Model, but many organizations struggle to uphold their half. Through 2022, Gartner predicts 95% of the cloud security failures will occur on the customer side of the Shared Responsibility Model. With this in mind, it’s important to partner with a provider who understands, and is deeply focused on, cloud security to protect crown jewel data.
Maintaining the confidentiality, integrity, and availability of your applications and data is of utmost importance to all organizations in today’s business environment. It has long since moved out of the realm of an IT problem and now represents a core business problem; one breach could significantly impact your bottom line or could even put you out of business. Fortunately, you don’t have to embark on this journey alone. Organizations like Sonrai Security have vast depths of experience in designing, managing, and protecting data for the largest enterprises in the world. Whether you’re hosting your applications in AWS, Azure, Google Cloud, or pursuing a multi-cloud strategy across multiple providers, Sonrai has the experience to help you design and manage a security strategy that works and is easier to maintain and scale.